-
Notifications
You must be signed in to change notification settings - Fork 47
SSH
SSH can be used to remotely log in to the device. If you're familiar with Linux, you'll find the command line offered by thingOS suitable for tweaking the OS, debugging or simply exploring the internals.
By default, root is the only user that is available for login (with its admin alias). At boot, its password is empty. You should make the necessary steps to set a root password as soon as you've booted up your system. See User Accounts for more details.
The SSH server uses /etc/sshd_config as configuration file, which sets the unique authorized keys file path to /data/etc/ssh_authorized_keys.
First, ensure you have your SSH private/public key pair, on your laptop (assuming you run Linux):
$ test -f ~/.ssh/id_rsa.pub || ssh-keygen
Then transfer your public key to the device:
$ ssh-copy-id root@your_device
Alternatively, just copy the contents of your laptop's ~/.ssh/id_rsa.pub to the device's /data/etc/authorized_keys.
The thingOS command line is a regular shell based on bash. Most binaries are however provided by BusyBox, so you may find some incompatibilities/limitations when compared to a fully fledged Linux system.
You can play around with the system but keep in mind that:
- the
rootandbootpartitions are read-only - you can mount the
rootandbootpartitions read-write, but a firmware update will discard any of your changes - you may actually make changes to
/usr,/var/liband/var/log; the mounted overlay filesystems allow you to
See Partitions for more details.
You may want to run remote commands from within thingOS using the ssh command, on another machine. You can automate the login process using SSH keys as follows (run these commands on the device):
-
Generate a key pair for your device:
# ssh-keygen -f /data/etc/ssh_id_rsa -
Configure the SSH client so that it reads the identity from the newly created private key:
# echo "IdentityFile /data/etc/ssh_id_rsa" >> /data/etc/ssh_config -
Tell your SSH client to store known hosts data on the writable partition:
# echo "UserKnownHostsFile /data/etc/ssh_known_hosts" >> /data/etc/ssh_config -
Copy your device's public key and add it to your other machine's
~user/.ssh/authorized_keysfile:# cat /data/etc/ssh_id_rsa.pubAlternatively, you can usessh-copy-idfor this transfer:# ssh-copy-id -i /data/etc/ssh_id_rsa user@otherhost -
Test the setup; it should run the
ls -lcommand remotely without asking for a password (will ask you to confirm the authenticity of the remote host once, though):# ssh user@otherhost ls -l
The SFTP functionality is enabled by default in thingOS. Using the correct credentials, an SFTP client will allow you to browse the files on your device:
$ sftp root@yourdevice
- bluetooth.conf
- captive-portal.conf
- cpufreq.conf
- date.conf
- dnsmasq.conf
- docker-compose.yml
- dtoverlays
- dyndns-update.sh
- environment
- firewall.sh
- fstab.user
- hostapd.conf
- ifalias.conf
- localtime
- modprobe.conf
- modules
- mongodb.conf
- netwatch.conf
- ntp.conf
- os.conf
- proftpd.conf
- redis.conf
- smb.conf
- ssh/config
- ssh/sshd_config
- ssl/domain
- ssl/email
- static_ip.conf
- sysctl.conf
- toemmc.conf
- version
- watchdog.conf
- wpa_supplicant.conf